FROM python:3.11-slim

# Create a non-root user
RUN useradd -ms /bin/bash mcp

WORKDIR /app

# Install Node.js, curl, unzip, and system dependencies for Playwright
RUN apt-get update && \
    apt-get install -y curl unzip && \
    # Install Node.js v18.x
    curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
    apt-get install -y nodejs && \
    # Install common Playwright browser dependencies
    apt-get install -y --no-install-recommends \
        libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdbus-1-3 \
        libdrm2 libgbm1 libgtk-3-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 \
        libxfixes3 libxrandr2 libxtst6 libasound2 libpango-1.0-0 libcairo2 libatspi2.0-0 \
        libxshmfence1 libxrandr2 && \
    # Clean up
    apt-get clean && rm -rf /var/lib/apt/lists/*

# Copy entrypoint script and make it executable
# Note: At this point, /app is owned by root, but entrypoint.sh is copied in.
COPY entrypoint.sh /app/
RUN chmod +x /app/entrypoint.sh

# Switch to non-root user for Bun installation
USER mcp
# Install Bun
RUN curl -fsSL https://bun.sh/install | bash

# Add Bun to PATH for the mcp user
ENV BUN_INSTALL="/home/mcp/.bun"
ENV PATH="${BUN_INSTALL}/bin:${PATH}"

# Switch back to root for global installations using pip
USER root
RUN pip install --no-cache-dir mcpo uv

# --- Playwright Installation Section ---
# Create the target Playwright cache directory (owned by root initially)
RUN mkdir -p /app/.cache/ms-playwright
# Set the environment variable to tell Playwright where to install/find browsers
ENV PLAYWRIGHT_BROWSERS_PATH="/app/.cache/ms-playwright"
# Install Playwright browsers using npx (as root)
RUN npx playwright install chromium --with-deps
# --- End of Playwright Section ---

# Set general cache directory env var (directory created above)
ENV XDG_CACHE_HOME="/app/.cache"

# --- Change Ownership Section ---
# NOW, change ownership of the entire /app directory and its contents to mcp
# This includes /app/entrypoint.sh and /app/.cache and its contents (like playwright browsers)
RUN chown -R mcp:mcp /app
# --- End of Change Ownership Section ---

# Switch back to non-root user for running the application
# This user now owns /app and can write config.json into it.
USER mcp

# Expose the port mcpo will listen on
EXPOSE 8000

# Set the entrypoint script (runs as mcp user)
ENTRYPOINT ["/app/entrypoint.sh"]